ExecStop on the user service caused an unmount race: it fired
asynchronously after logout while the next login's install.sh had
already remounted the wallet, then unmounted it again leaving
kwalletd6 without its wallet directory.
install.sh already handles umount/remount at login start, so no
ExecStop is needed. On gocryptfs systems the wallet becomes
inaccessible at logout naturally when ~/data is unmounted.
user_run.sh now explicitly stops any leftover kwalletd6-logon unit
from a previous session before creating a new one, avoiding the
systemd-run unit-name-conflict failure.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ExecStop (umount) fires asynchronously ~26s after logout, by which
time a second login's install.sh has already remounted the wallet.
ExecStop then unmounts the fresh mount, leaving kwalletd6 without
the wallet directory.
Fix: stop kwalletd6-logon.service at the top of install.sh so its
ExecStop fires and drains before the remount, eliminating the race.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch kwalletd6-logon from --scope to a transient service with
RemainAfterExit=yes (kwalletd6 forks to background, so the service
must stay active after the main process exits). ExecStop runs
'sudo umount -l' to detach the wallet bind mount before gocryptfs
unmounts ~/data (Before=gocryptfs-home.service ordering).
install.sh adds a per-user sudoers drop-in so the user service
can call umount as root without a password.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Daniel unbrot Pätzold
unbrot